Master Key / Multiple Users

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Master Key / Multiple Users

Edward Ned Harvey (openssl)

Suppose you have a single resource to be encrypted, and it should be accessible by multiple users.  Is there a way to encrypt something such that multiple keys would work?  I can't seem to find any such solution...

 

How do things like FileVault implement a Master Key, and multiple users?  It seems like something MUST be possible...  The only thing I can think of is to encrypt the resource using a shared secret, and the shared secret can be obtained by individuals either by their password or by their public/private keypair.  This would actually mean you take a small resource (the shared secret) and make n-copies encrypted separately for n-individual users.  It's not really using multiple keys to access the same resource; it's achieving the same end result effective only on a small scale.

 

Is there a better way?

Reply | Threaded
Open this post in threaded view
|

Re: Master Key / Multiple Users

Jeffrey Walton-3
On Tue, May 8, 2012 at 9:13 AM, Edward Ned Harvey <[hidden email]> wrote:
> Suppose you have a single resource to be encrypted, and it should be
> accessible by multiple users.  Is there a way to encrypt something such that
> multiple keys would work?  I can't seem to find any such solution...
Take a look at Microsoft's Encrypted File System (EFS). Its encrypted
under a user's key with a recovery key.

I seem to recall a nice explaination during an MCSE course, but I
don't have the book with me.

> How do things like FileVault implement a Master Key, and multiple users?
FileVault is not the best example of how to do cryptography :)

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Master Key / Multiple Users

Jakob Bohm-7
In reply to this post by Edward Ned Harvey (openssl)
On 5/8/2012 3:13 PM, Edward Ned Harvey wrote:

>
> Suppose you have a single resource to be encrypted, and it should be
> accessible by multiple users.  Is there a way to encrypt something
> such that multiple keys would work?  I can't seem to find any such
> solution...
>
> How do things like FileVault implement a Master Key, and multiple
> users?  It seems like something MUST be possible...  The only thing I
> can think of is to encrypt the resource using a shared secret, and the
> shared secret can be obtained by individuals either by their password
> or by their public/private keypair.  This would actually mean you take
> a small resource (the shared secret) and make n-copies encrypted
> separately for n-individual users.  It's not really using multiple
> keys to access the same resource; it's achieving the same end result
> effective only on a small scale.
>
Actually that is very close to the way:

 1. Encrypt the item(s) with random symmetric key(s), then encrypt the
    symmetric key with the public key of a user, then that user can use
    his private key to decrypt it and get the symmetric key for
    decryption.  This is the same as when encrypting an e-mail using
    S/MIME, CMS or PKCS#7 (which are generally different versions of the
    same thing) or PGP/GPG (same principle, different protocol).
 2. To make it available to multiple people, encrypt it using the public
    key of each user, so that each can decrypt it using his key.  This
    is also what happens when encrypting an e-mail to more than one
    recipient, or when encrypting an e-mail and allowing yourself to
    decrypt the copy in your Sent folder (In that case, you are the
    second user).

All of this can be done with the cms and pkcs7 subcommands of the
openssl command line tool, or with gpg/pgp.

I think Microsoft's EFS does it this way too, with a special network
administrator option to require that the network administrators
"recovery public key" is always one of the users, just in case.

> Is there a better way?
>
Some mathematically inclined cryptographers may have come up with some
fancy math formula that does the same as the above without storing one
public key encrypted copy of the symmetric key for each user, but I
doubt it is any easier to use, unless there are literally thousands (or
even millions) of authorized users/recipients (this is what encrypted
satellite TV providers and other DRM based publishers have to deal with,
they encrypt the broadcast once, and send a single encrypted copy over
the airwaves,  and try to make it so only those who paid for that
show/channel can decrypt it using a physically sealed box that tries not
to reveal the decrypted symmetric key).

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
<tel:+4531131610>
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]